The constant progress of communication systems and technology, particularly with the explosion of the Internet and intranet networks, has resulted in the development of an era of information and services. Nowadays, computers and, more generally, Information Handling Systems (I.H.S.), such as desktop computers, laptop computers and any type of hand-held or portable system, can be used for accessing a wide variety of transactions or services, wherever the user or the customer of the new information era is.
This clearly raises the problem of the security of access to the source of information and, more generally, to the transactions and services.
In the new world of information, exemplified by the development of the Internet and intranet networks, security issues are becoming more and more critical.
Some techniques are already known for solving—at least partly—the problem of security of access to sensitive databases and, more generally, to any Information Handling System.
One of the first techniques to be used was the combination of the well-known user id and password, which guarantees, to a certain extent, that a user trying to access a predetermined system is an authorized user. Any user who has neither a user id nor the corresponding password is considered an unauthorized user, and access to the resource is denied. While such a system has shown great efficiency in the past, it is now clearly insufficient for more recent systems.
The combination of the user identifier and the password was improved by the use of a specific smart card reader. In a more sophisticated approach, the logon procedure is replaced (or complemented) by the simultaneous use of a secure smart card reader, in order to enable a remote system to make sure that the supposed user is the one who owns the authentication smart card. Clearly, such a solution is a significant improvement to the security of the system, but it does not prevent unauthorized modification or setting of the configuration of the system requesting access to the service.
More sophisticated systems were developed, based on the use of biometric identification or even on the checking of some parameters internal to the user configuration, such as the Internet Protocol (I.P.) address of the customer's home or office when the latter attempts a connection to a remote system. Such systems provide partial solutions to some security issues, but do not provide an overall solution which can be used for a wide variety of IHS systems, based on multiple configurations, and which encompasses the user data as well as the internal configuration of the system.
No solution guarantees that the system has not been modified. Simple modifications, like adding devices such as USB data storage, or replacing a biometric reader with another device, may be harmful, as they allow application security to be bypassed.
Clearly, there is still a need for a global solution for improving security in computers and, more generally, IHS systems, based on a wide variety of machines and their various configurations.